"it-security" and reporter uses SamyGO-Hacks.
http://www.heute.at/digital/multimedia/ ... 72,1158127
see copyright note
http://www.heute.at/storage/pic/bilder/ ... 1431279141
full video in German
http://www.daserste.de/information/wirt ... b-100.html
ARD TV-Show "hacking" smarttv camera and microphon
Re: ARD TV-Show "hacking" smarttv camera and microphon
Excellent
Funny is that the guy injects the same lib resident twice, TV must have crashed
Production probably asked him to "fill the screen", or several takes were necessary. Another proof if it was needed that TV shows are only scheming...
I do NOT receive any PM. Please use forum.
Re: ARD TV-Show "hacking" smarttv camera and microphon
Yea, I saw this show some days before. Impressive. The goal was to show people the sammy`s are not safe. But for me this generated more questions than answers - guy had to access the local network. And he should have known there is ROOTED smart tv with camera.
btw, why youintube.so is nowhere released yet?
LE40B653T5W,UE40D6750,UE65Q8C
Have questions? Read SamyGO Wiki, Search on forum first!
FFB (v0.8), FFB for CI+ . Get root on: C series, D series, E series, F series, H series. rooting K series, exeDSP/exeTV patches[C/D/E/F/H]
DO NOT EVER INSTALL FIRMWARE UPGRADE
Re: ARD TV-Show "hacking" smarttv camera and microphon
juuso wrote: "... btw, why youintube.so is nowhere released yet?"
guess it streams the data from the skype-library
Re: ARD TV-Show "hacking" smarttv camera and microphon
juuso wrote: "guy had to access the local network"
He did by faking the DVB-T stream to insert his server ip instead of the original hbbtv service. Probably he built an ssh tunnel (note his host name he is using). I captured some nice terminal lines for you guys. (but the board reduced the solution)
Re: ARD TV-Show "hacking" smarttv camera and microphon
192.168.90.245 sounds like tunnel, i don't know any router make where this address is in the standard dhcp pool
but the concept of "rooting without touching" is quite interesting, sure the minority of users will be able to set up a faked DVB-T source...
on the other side, even if one finds a way to do it, there only will be stupid reporters who use it to scare dumb people...
what do you think are the blurred parts of his terminal output?
//UE40C6500 @ T-VALDEUC 3011 // rooted manual HotelMode style // PVR to NFS via 18MB on-the-fly sparse XFS //
FYI: you can close your ssh session with SamyGO with
~.
If you can't fix it using dvct tape, you are not using enough dvct tape.
Re: ARD TV-Show "hacking" smarttv camera and microphon
Rooting without touching shouldn't be a problem... at least not over dvb-t (dvb-t with hbbtv signals are super easy to make with hw for less than 100$, no experience at all with dvb-s, dvb-c should be the same as t, but you have to cut through a cable or something eheheheh).
The old exeDSP is full of bugs / the new exeAPP probably too. don't really see the difficulty in this.
Additionally you can upgrade the firmware in many models over dvb.... As shown in talks before (https://vimeo.com/113053663)
We don't see in this movie what he does exactly, though this paper of him explains probably how: http://www.isti.tu-berlin.de/fileadmin/ ... c_2014.pdf
"First, the attacker places a manipulated popular video file on the Internet or targets it directly at a specific victim (1). The victim downloads and places the file on storage connected to the TV (2). The TV is compromised as the victim starts to play back the video on the TV (3). Then the attacker's payload is executed on the TV, which, e.g., attacks other systems on the local network or transmits data from the built-in camera and microphone (4)."
The user actually has to download the Media file...
additionally he talks about exeDSP which is only used in the old models... Come on, these models use gecko from 2012 ~ for their hbbtv browser... just send an hbbtv signal and use a drive by injection...
Are there any other remote attacks shown in the paper that I missed?
Sad the tv show either brings unpublished material and / or no background information, while there are many many easy ways to do this...
and sorry for the bit salty comment hehehehe I just don't like it if tv shows make a statement but don't back it up at all